Samsung Lock Screen Bypass Has Dueling Third-Party Solutions

Certain Samsung phones are vulnerable to a fast-fingered attack that can completely bypass the lock screen. Mobile security vendors Bkav and Lookout offer third-party protection, pending a fix by Samsung, but they don't agree on technique.

Earlier this month mobile enthusiast Terence Eden reported a flaw in the lock screen code for Samsung's version of Android, a flaw that would allow dialing numbers and running apps even when the phone is locked. He later parlayed the same technique into an attack that can totally disable the lock screen. Samsung is working on a patch, but in the interim, mobile security companies are taking their own measures to protect users.

No Emergency CallsThe window of vulnerability occurs when someone opens the In Case of Emergency (ICE) app (which is available even when the phone is locked) and then presses the Home button. Researchers at Vietnamese security company Bkav identified ICE as the source of the problem. In a recent post they explained, "The flaw lies in the fact that Samsung engineers allow ICE to be launched from emergency call window. It means a normal app (in this case ICE) is allowed to run even when the phone has been locked."

Bkav's solution is to disable the ICE app. Using the free or commercial version of Bkav Mobile Security, users can choose "Anti lock screen bypass" to activate this feature. Don't see that option? Then your phone isn't one that's vulnerable to this bug.

The Bkav post also points to a fix offered by Lookout, the maker of Editors's Choice Lookout Mobile Security, claiming that Lookout's fix is ineffective. Lookout monitors the ICE app and forces it to the foreground if it gets pushed to the background by the (brief) appearance of the Home screen. According to Bkav, "this is also the failure road that Samsung engineers went on... [when] home screen has already been revealed, [it leaves] enough time for bad guys to access apps there."

Lookout RespondsDavid Richardson, Product Manager behind Lookout's fix, thinks otherwise. "There are a bunch of issues," said Richardson. "One of them is that you can momentarily see the home screen and possibly click one button... The vulnerability that we're protecting you from is much worse. It lets you completely bypass the lock screen so it won't even re-lock unless you turn the device of and back on."

Richardson pointed out that for a hacker, the fact that you can momentarily see the home screen is a clue that something's wrong, that you might be able to parlay that glimpse into full access. "People have found four or five ways to bypass the lock screen so far. We protect against the most severe, but there are probably five more yet to be discovered.

A Different Approach"We explored the approach they implemented," said Richardson, "but we felt it was too intrusive, not something we could push out to 35 million users." He went on to note, "If we prevented even one person from making a necessary emergency call, that's way worse than any vulnerability. Instead, we protect the majority from the most critical risk which is permanent bypass of the lock screen."

Richardson pointed out that the Bkav solution requires active participation by the user. "If we were going to do that, we'd have to ask for confirmation to disable ICE," said Richardson. "We wouldn't just take that action, but we do want to protect users who never even heard of this vulnerability."

In the end, said Richardson, "Samsung needs to fix the fundamental problem. Users should look for that patch—we'll let them know when it's available. And we'll protect them in the interim."

Responding to an earlier query by SecurityWatch, Samsung said "Samsung considers user privacy and the security of user data its top priority. We are aware of this issue and will release a fix at the earliest possibility."

Remember, too, that nobody can break into your phone using this technique while the phone resides safely in your pocket or purse. There's a lot to be said for plain old physical security.

About the Author

Neil Rubenking served as vice president and president of the San Francisco PC User Group for three years when the IBM PC was brand new. He was present at the formation of the Association of Shareware Professionals, and served on its board of directors. In 1986, PC Magazine brought Neil on board to handle the torrent of Turbo Pascal tips submitted b... See Full Bio

Get Our Best Stories!

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.